This is a discussion on Java Client accessing .NET Web Service and Kerberos Delegation withAD - Kerberos ; Hi all,
we are running a .NET web service which uses Kerberos delegation to
access a backend service on behalf of the client's security context.
We have no problem with .NET client applications or IE accessing the web
service, but ...

Java Client accessing .NET Web Service and Kerberos Delegation withAD

we are running a .NET web service which uses Kerberos delegation to
access a backend service on behalf of the client's security context.

We have no problem with .NET client applications or IE accessing the web
service, but in case of a Java app acting as client, delegation fails.

The Java app correctly requests a TGT from the Win 2003 Active Directory
and then requests and gets a valid service ticket to access the .NET web
service. After that, the web service does a programmatically
impersonation before making a ADSI/LDAP bind to the AD. This
impersonation fails in case of a Java application.